feat: add tests

.gitlab-ci-other-versions.yml

 # This file is managed manually
-# Note: Renovate will strip any `v` prefix from the versions when it does an upgrade
+#
+# NOTE: Renovate will strip any `v` prefix from the versions when it does an upgrade
 # so be sure not to include the `v` prefix on version numbers here.
 variables:
   GL_COMMON_CI_TASKS_DEFAULT_GITLEAKS_VERSION: "8.18.4"  # datasource=github-releases depName=zricethezav/gitleaks

.gitlab-ci.yml

@@ -14,6 +14,10 @@ include:
   - local: templates/standard.yml
   - local: kaniko.yml
+  # Tests which run against the downstream pipeline in the
+  # gitlab-com/gl-infra/common-ci-task-tests project
+  - local: test/downstream-pipeline-tests/tests.gitlab-ci.yml
+
 #########################################
 # Builds images
 #########################################

README.md

-# gitlab-ci-tools
-This project includes reuseable GitLab-CI jobs for the GitLab Dedicated Project.
+# common-ci-tasks
+This project includes reuseable GitLab-CI jobs for the GitLab SaaS Platforms team.
 Setting up a new project? Use the [project template](#project-template).
@@ -60,3 +60,15 @@ Alternatively to using the templates above, you can include the following indivi
 `common-ci-tasks` favours convention-over-configuration, and expects configuration files and some directories to be configured in a certain way. The quickest way to get going on a new project is to use the `common-template-copier` project template to generate a new project based on the conventions expected by these CI tasks.
 **More information on using project templates can be found in the [project templates documentation.](./docs/project-templates.md).**
+
+## Developing Templates
+
+### Testing
+
+The project <https://gitlab.com/gitlab-com/gl-infra/common-ci-task-tests> is a test-bed for the tasks in this project.
+When a template is changed, a downstream CI/CD pipeline will be initiated in the `common-ci-task-tests` project,
+running the current branch of `common-ci-task-tests`.
+
+This provides some basic testing of functionality.
+Over time, these unit tests should be expanded to include more edge-cases and
+more templates.

container-diff.yml

@@ -13,6 +13,9 @@ spec:
       description: The stage in which to run the job
 ---
+include:
+  - local: .gitlab-ci-other-versions.yml
+
 $[[ inputs.job_name ]]:
   stage: $[[ inputs.stage ]]
   needs:

gitleaks.yml

@@ -6,6 +6,9 @@ spec:
       default: docker.io
 ---
+include:
+  - local: .gitlab-ci-other-versions.yml
+
 gitleaks:
   stage: $[[ inputs.stage ]]
   needs: []
@@ -34,7 +37,7 @@ gitleaks:
     https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/gitleaks.md
     EOD
   rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "parent_pipeline"'
       exists:
         - .gitleaks.toml
   # Automatically retry on any system blips

goreleaser.yml

@@ -38,7 +38,7 @@ goreleaser_validate:
     name: $[[ inputs.docker_hub_host ]]/goreleaser/goreleaser:v${GL_ASDF_GORELEASER_VERSION}
     entrypoint: [""]
   rules:
-    - if: '($CI_PIPELINE_SOURCE == "merge_request_event" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")) && $FIPS_MODE != "1"'
+    - if: '($CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "parent_pipeline" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")) && $FIPS_MODE != "1"'
       exists:
         - .goreleaser.yml
@@ -48,7 +48,7 @@ goreleaser_validate-fips:
     name: $[[ inputs.docker_hub_host ]]/goreleaser/goreleaser-cross:v${GL_ASDF_GOLANG_VERSION}-v${GL_ASDF_GORELEASER_VERSION}
     entrypoint: [""]
   rules:
-    - if: '($CI_PIPELINE_SOURCE == "merge_request_event" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")) && $FIPS_MODE == "1"'
+    - if: '($CI_PIPELINE_SOURCE == "merge_request_event"  || $CI_PIPELINE_SOURCE == "parent_pipeline" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")) && $FIPS_MODE == "1"'
       exists:
         - .goreleaser.yml
@@ -71,7 +71,7 @@ goreleaser_build:
   rules:
     - if: $CI_PIPELINE_SOURCE == "schedule"
       when: never
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)'
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "parent_pipeline" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
       exists:
         - .goreleaser.yml

hclfmt.yml

@@ -4,6 +4,9 @@ spec:
       default: validate
 ---
+include:
+  - local: .gitlab-ci-other-versions.yml
+
 hclfmt:
   stage: $[[ inputs.stage ]]
   needs: []

jsonfmt.yml

@@ -43,4 +43,4 @@ jsonfmt:
   rules:
     - if: '$CI_PIPELINE_SOURCE == "schedule"'
       when: 'never'
-    - if: '($CI_PIPELINE_SOURCE == "merge_request_event") || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)'
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"  || $CI_PIPELINE_SOURCE == "parent_pipeline" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

promlint.yml

@@ -20,6 +20,6 @@ promlint:
   rules:
     - if: '$CI_PIPELINE_SOURCE == "schedule"'
       when: 'never'
-    - if: '($CI_PIPELINE_SOURCE == "merge_request_event") || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH)'
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "parent_pipeline" || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
       exists:
         - .pint.hcl

semantic-release.yml

@@ -54,6 +54,9 @@ spec:
     - if: '$CI_API_V4_URL == "https://ops.gitlab.net/api/v4"'
       when: never
+    # Parent pipelines are used for testing, when COMMON_CI_TASKS_REF is set
+    - if: '$CI_PIPELINE_SOURCE == "parent_pipeline" && $COMMON_CI_TASKS_REF'
+
     # Don't run when the pipeline was triggered by another pipeline
     - if: '$CI_PIPELINE_SOURCE == "pipeline"'
       when: never

shellcheck.yml

@@ -21,8 +21,9 @@ shellcheck:
     https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/shellcheck.md
     EOD
   rules:
-    - if: $GL_ASDF_SHELLCHECK_VERSION == null || $GL_ASDF_SHELLCHECK_VERSION == ""
+    - if: '$GL_ASDF_SHELLCHECK_VERSION == null || $GL_ASDF_SHELLCHECK_VERSION == ""'
       when: never
     - if: '$CI_PIPELINE_SOURCE == "schedule"'
-      when: 'never'
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      when: never
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "parent_pipeline"'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

shfmt.yml

@@ -28,5 +28,5 @@ shfmt:
       when: never
     - if: '$CI_PIPELINE_SOURCE == "schedule"'
       when: 'never'
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "parent_pipeline"'
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

test/downstream-pipeline-tests/tests.gitlab-ci.yml

+test_downstream_pipeline_tests:
+  stage: validate
+  needs: []
+  inherit:
+    variables: false
+  parallel:
+    matrix:
+      # TODO: add special tests for these templates as they don't work will with the current downstream model testing approach
+      # - kaniko.yml
+      # - mirroring.yml
+      # - container-diff.yml
+      # - oidc.yml
+      # - promlint.yml
+      # - gitlint.yml
+      # - gitleaks.yml
+      # - semantic-release.yml
+      - COMMON_CI_TASKS_TEST:
+          - asdf-tool-versions.yml
+          - checkov.yml
+          - editorconfig-check.yml
+          - gitlab-scanners.yml
+          - go-mod-tidy.yml
+          - go-unittests.yml
+          - golangci-lint.yml
+          - goreleaser.yml
+          - hclfmt.yml
+          - jsonfmt.yml
+          - renovate-bot.yml
+          - shellcheck.yml
+          - shfmt.yml
+          - terraform-format.yml
+          - terraform-validate.yml
+          - tflint.yml
+          - yamllint.yml
+          - templates/standard.yml
+          - templates/golang.yml
+          - templates/terraform.yml
+        COMMON_CI_TASKS_REF: $CI_COMMIT_SHA
+  trigger:
+    project: gitlab-com/gl-infra/common-ci-task-tests
+    branch: main
+  rules:
+    - if: '$CI_API_V4_URL != "https://gitlab.com/api/v4"'
+      when: never
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      changes:
+        - ${COMMON_CI_TASKS_TEST}
+        - .gitlab-ci-asdf-versions.yml
+        - .gitlab-ci-other-versions.yml
+        - .gitlab-ci-default-asdf-versions.yml

yamllint.yml

@@ -3,6 +3,10 @@ spec:
     stage:
       default: validate
 ---
+
+include:
+  - local: .gitlab-ci-other-versions.yml
+
 yamllint:
   stage: $[[ inputs.stage ]]
   needs: []